At a glance:

Endpoint Vulnerability

Out-of-bounds write through TypedArrayObject after neutering

Description

Security researcher George Hotz, via TippingPoint's Pwn2Own contest, discovered an issue where values are copied from an array into a second, neutered array. This allows for an out-of-bounds write into memory, causing an exploitable crash leading to arbitrary code execution.